Hacking AI: Why Most AI Systems Are Insecure by Default

Stop Building AI Agents: Build Harnesses Instead | Hamza Tahir (ZenML / Kitaru)

Everyone is building AI agents. OpenAI SDKs, Claude Code, Deep Agent systems, custom workflows, and orchestration frameworks all promise more autonomous AI. But as these systems become more capable, they start running into familiar engineering problems: * retries * state management * orchestration * context control * durable execution This week we're joined by Hamza Tahir, CTO and co-founder of ZenML and creator of Kitaru, to discuss what happens when agents stop being simple chat interfaces and start behaving like long-running distributed systems. We explore: * what an agent harness actually is * durable execution and why it matters * orchestration vs business logic * state management for long-running agents * retries, checkpoints, and human-in-the-loop workflows * context management and token costs * open vs closed agent frameworks * why everyone seems to be rebuilding the same layer of infrastructure One of the biggest questions we kept coming back to: What is a meta harness? If you have an answer, let us know in the comments. Kitaru https://github.com/zenml-io/kitaru [https://github.com/zenml-io/kitaru] ZenML https://www.zenml.io [https://www.zenml.io] Hamza Tahir https://www.linkedin.com/in/hamzatahir/ [https://www.linkedin.com/in/hamzatahir/] Pedro Agentware https://github.com/Soypete/pedro-agentware [https://github.com/Soypete/pedro-agentware] OpenAI Agents SDK https://platform.openai.com/docs/guides/agents [https://platform.openai.com/docs/guides/agents] Temporal https://temporal.io [https://temporal.io] DBOS https://www.dbos.dev [https://www.dbos.dev] Apache Airflow https://airflow.apache.org [https://airflow.apache.org] Prefect https://www.prefect.io [https://www.prefect.io] Domesticating AI is a bi-weekly podcast about practical AI for developers. We help you brace the feral open-source AI landscape — so you can tame it instead of getting dragged by it. Subscribe on YouTube, follow on Spotify or Apple Podcasts, and support the show on Patreon. Keep your AI on a leash. Links

Self-Hosting AI: Scaling Is the Real Problem

AI is easy to use — but hard to scale. In this episode of Domesticating AI, we’re joined by Daniel Dowler (Red Hat) to break down what actually happens when you move from calling APIs to running AI systems yourself. Recorded on April 21st Most developers interact with AI through APIs — fast, simple, and pay-per-token. But behind the scenes, those systems rely on GPU scheduling, batching, and infrastructure that doesn’t behave like traditional software. We cover: * Why GPU scaling is fundamentally different from CPU scaling * Why tools like vLLM are becoming the default for high-performance inference * How Ray and Kubernetes fit into real-world AI systems * What parallelism (tensor, data, expert) actually means in practice * When self-hosting AI makes sense * When APIs are still the better choice * Claude Opus 4.7 https://www.anthropic.com/news/claude-opus-4-7 [https://www.anthropic.com/news/claude-opus-4-7] * Qwen 3.6 (Alibaba) https://qwen.ai/research [https://qwen.ai/research] * Kimi K2.6 (community discussion) https://www.reddit.com/r/LocalLLaMA/s/kvRWb7uJgM [https://www.reddit.com/r/LocalLLaMA/s/kvRWb7uJgM] * vLLM → https://github.com/vllm-project/vllm [https://github.com/vllm-project/vllm] * Ray → https://github.com/ray-project/ray [https://github.com/ray-project/ray] * Kubernetes → https://kubernetes.io [https://kubernetes.io] * Kueue → https://kueue.sigs.k8s.io [https://kueue.sigs.k8s.io] * LiteLLM → https://github.com/BerriAI/litellm [https://github.com/BerriAI/litellm] * KServe → https://kserve.github.io Daniel Dowler Platform engineer at Red Hat focused on Kubernetes and AI infrastructure. Daniel works on how modern systems support real workloads, including GPU scheduling, distributed inference, and scaling AI in production environments. He recently spoke at Machine Learning Utah on AI infrastructure and clustering. You don’t scale AI with replicas. You scale it by managing scarce compute. Subscribe on Spotify or Apple, and follow us on YouTube. 👉 Keep your AI on a leash. 🧠 News🔗 Tools & Tech Mentioned👤 Guest🎯 Key Takeaway

You’re Using AI Wrong: Build the System, Not Just the Prompt /w Lexi Pasi

Recorded: April 14, 2026 Most people using AI today are still users. They open ChatGPT, call an API, and get an answer. And honestly… it works. But that’s not the same as building with AI. In this episode of Domesticating AI, we break down the difference between AI users and AI practitioners—and why that shift matters if you want reliable systems. We’re joined by Alexandra “Lexi” Pasi, PhD, CEO of Lucidity Sciences, to talk about what it actually means to own the system around AI: * why calling an API is still user behavior * what changes when you build the harness * how agent systems actually fail (loops, cost, drift) * why switching models isn’t a reliability strategy * how to add layers—constraints, validation, and control flow * why engineering discipline matters more with AI, not less If you’ve built your first AI agent, workflow, or coding loop—this is the “now what?” episode. Alexandra Pasi is the CEO of Lucidity Sciences, where she works at the intersection of mathematics, machine learning, and real-world system design. She holds a PhD in Mathematics from Baylor University and specializes in building analytical and algorithmic systems that bring structure to complex, uncertain environments. 🔗 LinkedIn: https://www.linkedin.com/in/alexandrapasi/ [https://www.linkedin.com/in/alexandrapasi/?utm_source=chatgpt.com] 🔗 Lucidity Sciences: https://luciditysciences.com [https://luciditysciences.com] * Google TurboQuant (LLM compression research) https://research.google/blog/turboquant-redefining-ai-efficiency-with-extreme-compression/ [https://research.google/blog/turboquant-redefining-ai-efficiency-with-extreme-compression/?utm_source=chatgpt.com] * Anthropic Claude Mythos Preview (security-focused model) https://red.anthropic.com/2026/mythos-preview/ [https://red.anthropic.com/2026/mythos-preview/?utm_source=chatgpt.com] * Project Glasswing (Anthropic security initiative) https://www.anthropic.com/glasswing [https://www.anthropic.com/glasswing?utm_source=chatgpt.com] * Karpathy Autoresearch (self-improving training loop) https://github.com/karpathy/autoresearch [https://github.com/karpathy/autoresearch?utm_source=chatgpt.com] * Kitaru (durable agent execution framework) https://github.com/zenml-io/kitaru [https://github.com/zenml-io/kitaru?utm_source=chatgpt.com] * Subscribe on YouTube * Follow on Spotify & Apple Podcasts * Support the show on Patreon: 👉 https://patreon.com/DomesticatingAIPodcast [https://patreon.com/DomesticatingAIPodcast] Keep your AI on a leash. 🧾 Episode Summary👤 Guest: Alexandra “Lexi” Pasi, PhD🔗 Topics & Links Mentioned🔔 Follow & Support

Hacking AI: Why Most AI Systems Are Insecure by Default

Hosts: Miriah Peterson, Matt Sharp, Chris Brousseau Recorded: April 2026 Status: Released Most AI systems today are designed to be helpful — not secure. In this episode, we break down how AI systems actually get exploited in production: * a real supply chain attack on a widely used AI dependency * prompt injection and why it still works * image-based (multimodal) exploits * tool and agent abuse If you’re building AI — especially at a startup — you are the security team. A widely used AI dependency was compromised via a malicious .pth file: * executes automatically when Python starts * no import required * targets credentials, SSH keys, and environment variables 👉 Just installing the package was enough. This highlights a critical reality: Your AI system is only as secure as your dependencies. * Models cannot distinguish between instructions and data * External content can override system behavior * Still one of the most common AI vulnerabilities 🔗 https://learnprompting.org/docs/prompt_hacking/injection [https://learnprompting.org/docs/prompt_hacking/injection] * Hidden instructions embedded in images * AI interprets images differently than humans * Expands the attack surface significantly 🔗 https://arxiv.org/abs/2306.11698 [https://arxiv.org/abs/2306.11698] * AI systems can take real-world actions via tools * Prompt injection → API calls, data leaks, unintended execution * Agents amplify risk through autonomy and retries If you’re building AI systems today: * separate instructions from data * limit tool permissions * treat outputs as untrusted * validate everything before execution * AI systems have an internet-sized attack surface * Supply chain attacks bypass all AI safeguards * Prompt injection is a fundamental problem * AI doesn’t fail safely — it fails wherever your system is weakest * LiteLLM incident: https://github.com/BerriAI/litellm/issues/24512 [https://github.com/BerriAI/litellm/issues/24512] * Attack breakdown: https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/ [https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/] * LLM attack techniques: https://llm-attacks.org/ [https://llm-attacks.org/] * OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/ [https://owasp.org/www-project-top-10-for-large-language-model-applications/] * Gandalf challenge: https://gandalf.lakera.ai/ [https://gandalf.lakera.ai/] We’ve launched a Patreon for Domesticating AI 🎉 Get: * early access to episodes * behind-the-scenes content * bloopers and uncut moments 👉 https://patreon.com/DomesticatingAIPodcast [https://patreon.com/DomesticatingAIPodcast] * 🎥 YouTube: https://youtu.be/HTTxE7Y1sko [https://youtu.be/HTTxE7Y1sko] What’s the weirdest way an AI system has broken for you? Keep your AI on a leash.

Coding with AI: Vibe Coding vs Real Engineering (with Tyler Folkman)

AI can write code — but that doesn’t mean you should trust it. In this episode of Domesticating AI, we’re joined by Tyler Folkman (author of The AI Architect) to break down how engineers are actually using AI to build software — and why most people are still just vibe coding. * Vibe coding vs real engineering * Reasoning models vs coding models * How to plan and prompt AI effectively * When to let AI take the wheel (and when not to) * Local vs cloud coding agents * Token costs vs owning hardware * Tyler Folkman — The AI Architect [https://tylerfolkman.substack.com/] * Anthropic https://www.anthropic.com [https://www.anthropic.com] * OpenAI https://openai.com [https://openai.com] * Ollama https://ollama.com [https://ollama.com] * MiniMax-M2.5 https://ollama.com/library/minimax-m2.5 [https://ollama.com/library/minimax-m2.5] * GLM-5 https://ollama.com/library/glm-5 [https://ollama.com/library/glm-5] * AmpCode Chronicle https://ampcode.com/chronicle [https://ampcode.com/chronicle] * Andrej Karpathy on Context Engineering https://x.com/karpathy [https://x.com/karpathy] * “Human in the Loop is Tired” (add link if you have it) Domesticating AI is a bi-weekly podcast about practical AI for developers. We help you brace the feral open-source AI landscape — so you can tame it instead of getting dragged by it. contact@domesticatingai.com Spotify https://open.spotify.com/show/2WsAR4fvcXzp3vVZGVlkE2 [https://open.spotify.com/show/2WsAR4fvcXzp3vVZGVlkE2] Apple Podcasts https://podcasts.apple.com/us/podcast/domesticating-ai/id1873338950 [https://podcasts.apple.com/us/podcast/domesticating-ai/id1873338950] Are you vibe coding — or engineering with AI? Let us know your setup. Keep your AI on a leash. 🧠 What We Cover🔗 Links & ResourcesGuestModels & ToolsArticles / Mentions🎧 About the Podcast📬 Contact🔥 Follow👇 Join the Discussion